Interesting People mailing list archives
regarding "Fort N.O.C.'s" in your January 20 edition
From: Dave Farber <dave () farber net>
Date: Wed, 28 Jan 2004 06:06:09 -0500
Delivered-To: dfarber+ () ux13 sp cs cmu edu Date: Wed, 28 Jan 2004 07:42:56 +0000 From: Paul Vixie <paul () vix com> Subject: this is for interesting-people Sender: vixie () vix com To: Dave Farber <dave () farber net> this just went out. seems like good fodder for [IP]. --- To: letters () MSNBC com Subject: C re: http://www.msnbc.msn.com/id/4009568/ I wish to correct several misstatements made by Brock Meeks in his article, "Fort N.O.C.'s", published January 20. I am speaking as an operator of the "F" root name server which was mentioned several times in this story. 1. "A" root is not special in any way. Our "F" root server receives updates from an unrelated server called SRS which is operated under contract from the US Department of Commerce and the Internet Corporation for Assigned Names and Numbers (ICANN). These updates are received by all 13 root name servers, with "A" root a peer of the other 12, having no special capability or importance. If any one of these 13 servers (including "A" root) were temporarily unavailable due to a failure or disaster, there would be no noticeable impact on the Internet as a whole. 2. The root name servers are not "operated on a volunteer basis" as stated in the article. Each of the twelve organizations named on <http://www.root-servers.org/> has funding and oversight from a local constituency. Operators include ISC (a US-based public benefit corporation) RIPE NCC (who serves the European internet community) the U S Department of Defense and NASA, the WIDE consortium in Japan, and others. For all twelve of us, operating a root name server is a concrete obligation, and not merely a "sense of duty". 3. VeriSign's spending toward "A" root is irrelevant, as is the number of "backups" they might have. Even if the portion of VeriSign's spending which is directly attributable to "A" root exceeded the aggregate spending by ISC's sponsors for the distributed footprint of "F" root -- which is unlikely -- the fact remains that a global attack affecting (9) of the 13 root name servers had no measureable affect on overall Internet performance or availability. For details, see <http://f.root-servers.org/october21.txt>. Diversity is very powerful! 4. Actually, there ARE requirements placed on the security and operations of root name servers. The Internet Engineering Task Force (IETF) has published two documents on this topic, RFC 2010 and RFC 2870, and any root server operator who fell out of compliance with these standards would be shamed and otherwise pressured into "shaping up or shipping out." Paradoxically, the only root server operator who could probably ignore IETF's standards without also worrying about losing their position is VeriSign. In closing, I'd like to point out that there is considerable divergence of viewpoint among the many people who are interested in root name service. Yet, one fact is never subject to debate: the DNS root server system is one of the most robust and reliable services in the history of data communications. See also: <http://www.ripe.net/ripencc/kroot-history-20040127.html>. Thank you for your time, Paul Vixie, "F" root---
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- regarding "Fort N.O.C.'s" in your January 20 edition Dave Farber (Jan 28)